So i have a dozen or so small USB drives from various events and conferences. I was wondering the best way to utilize them. Then i thought, the heck with that, what the most FUN was to utilize them.

What i would like to do is load them with and auto launching program that phones home to an open file share in the network. Then walk through the various buildings and departments on campus and leave them lying around. Ideally i want it to phone home what machine and user have the drive plugged in.

I once upon a time did something similar with a macro enabled word document / excel document and some targeted emails, which was some much needed fun.

If anyone out there has done something similar or enjoy's this sort of thing like i do and wants to give me a hand, i would appreciate it. I really have no idea where to start.

This person is a verified professional.

if google "make a bad usb" that should point you in the right direction. :)

I was looking into that earlier before i came to spiceworks... non of the USB drives i have run the Phison chipset required to convert to a badUSB or RubberDucky

I was looking for something a bit more low tech... similar to an old school autoexec that just writes to a UNC path, appending to a text file.

I have my word and excel files. "Profit Margins.docm" and "Employee_Raise_Proposal-19v2.xlsx" sitting in the root with a bunch of random folders and files to make it look like our CFO dropped it somewhere...

I'm just wondering if there is some outside of the box way to detect the USB / PC. Like idk, just spitballing here, a GPO deployed script that sits clientside that looks for a specfic file, possible containing a specific string, sitting on an external drive - that will write to a txt file on our file server if it detects it... or something similar

i figured if anyone out there would know how, it'd be a spicehead

if AV does on-access scanning you could load some EICAR test files on the drives http://www.eicar.org/ They are non-malicious but will trigger you av and let you know what systems they were plugged into

14 Replies

This person is a verified professional.

You should check out KnowBe4, they have a USB test available and it's great. I've used it several times and literally even got myself with it at one point. I had one set out by a heavy traffic printer, forgot about it and a few weeks later found it and plugged it in. Whoops.

This person is a verified professional.

I have seen a couple KnowBe4 demos, and frankly, my boss wont pay for it. I would love to be able to put over ~500 users through their paces with some real social engineering tests. I would love to be able to point them to some training if they are caught. I love the product... i just don't see it happening here - so i'm coming up with my own options. Our organization is a non-profit and IT has always taken a back burner stance in terms of the budget process. I have tried to put funds aside for "Social Engineering training" and "Security Education" and "Security patch and update application" to sneak it in, and it just didn't happen again this year.

if google "make a bad usb" that should point you in the right direction. :)

I was looking into that earlier before i came to spiceworks... non of the USB drives i have run the Phison chipset required to convert to a badUSB or RubberDucky

I was looking for something a bit more low tech... similar to an old school autoexec that just writes to a UNC path, appending to a text file.

I have my word and excel files. "Profit Margins.docm" and "Employee_Raise_Proposal-19v2.xlsx" sitting in the root with a bunch of random folders and files to make it look like our CFO dropped it somewhere...

I'm just wondering if there is some outside of the box way to detect the USB / PC. Like idk, just spitballing here, a GPO deployed script that sits clientside that looks for a specfic file, possible containing a specific string, sitting on an external drive - that will write to a txt file on our file server if it detects it... or something similar

This person is a verified professional.

You can still use the USB test for free: https://www.knowbe4.com/usb-security-test. When plugged in it will call home and track opens, if macros are enabled and more. Feel free to reach out if you have any questions!

If you are looking for other free tools we have several, just look under 'Free Tools' in the main nav anywhere on our site :)

This person is a verified professional.

if google "make a bad usb" that should point you in the right direction. :)

I was looking into that earlier before i came to spiceworks... non of the USB drives i have run the Phison chipset required to convert to a badUSB or RubberDucky

I was looking for something a bit more low tech... similar to an old school autoexec that just writes to a UNC path, appending to a text file.

I have my word and excel files. "Profit Margins.docm" and "Employee_Raise_Proposal-19v2.xlsx" sitting in the root with a bunch of random folders and files to make it look like our CFO dropped it somewhere...

I'm just wondering if there is some outside of the box way to detect the USB / PC. Like idk, just spitballing here, a GPO deployed script that sits clientside that looks for a specfic file, possible containing a specific string, sitting on an external drive - that will write to a txt file on our file server if it detects it... or something similar

i figured if anyone out there would know how, it'd be a spicehead

if AV does on-access scanning you could load some EICAR test files on the drives http://www.eicar.org/ They are non-malicious but will trigger you av and let you know what systems they were plugged into

I have our AV already configured autoscan on device connection. It will log the currently logged in user with a timestamp for any threat detection in the threat console. Loaded the USB with doc's PDFs and such. Threw a "Payroll" label on it too...

This person is a verified professional.

Wouldn't it be fun to have the USB log them off the computer, change the users password to something random and disabling the ability for them to change their own password forcing them to call you and confess to their sins.

This person is a verified professional.

Wouldn't it be fun to have the USB log them off the computer, change the users password to something random and disabling the ability for them to change their own password forcing them to call you and confess to their sins.

The problem with this is that upper management will likely be mad at you for effectively causing downtime.

This person is a verified professional.

Wouldn't it be fun to have the USB log them off the computer, change the users password to something random and disabling the ability for them to change their own password forcing them to call you and confess to their sins.

Probably would be frowned upon by management but that sounds like a lot of fun!!!

This person is a verified professional.

You should check out KnowBe4, they have a USB test available and it's great. I've used it several times and literally even got myself with it at one point. I had one set out by a heavy traffic printer, forgot about it and a few weeks later found it and plugged it in. Whoops.

I'm not saying you are being paid by them...... but money has exchanged hands :P

We are down to two providers, KnowB4 and Wombat Security (now owned by Proofpoint)